US10841314B2ActiveUtilityA1

Identifying and blacklisting problem clients using machine learning in wireless networks

67
Assignee: CISCO TECH INCPriority: Apr 9, 2018Filed: Apr 9, 2018Granted: Nov 17, 2020
Est. expiryApr 9, 2038(~11.7 yrs left)· nominal 20-yr term from priority
H04W 48/02H04L 41/5064H04L 41/507H04L 41/16H04L 41/0681H04L 43/0823H04W 76/18H04W 8/18G06N 20/00H04W 24/08H04L 63/102
67
PatentIndex Score
1
Cited by
13
References
20
Claims

Abstract

In one embodiment, a network assurance service that monitors a wireless network receives data regarding connection failures of a wireless client of the wireless network. The network assurance service forms a behavioral profile for the wireless client based on the received data regarding the connection failures of the wireless client. The network assurance service uses machine learning to determine whether the behavioral profile of the wireless client is an outlier in relation to behavioral profiles of other wireless clients of the wireless network. The network assurance service causes performance of a mitigation action with respect to the wireless client, when the wireless client is determined to be an outlier.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method comprising:
 receiving, at a network assurance service that monitors a wireless network, data regarding connection failures of a plurality of wireless clients configured to connect to the wireless network via one or more access points of the wireless network; 
 forming, by the network assurance service, a behavioral profile for each of the wireless clients based on the received data regarding the connection failures of the wireless clients; 
 using, by the network assurance service, machine learning to determine whether the behavioral profile of a particular wireless client of the wireless clients is an outlier in relation to the behavioral profiles of other wireless clients of the wireless clients; and 
 causing, by the network assurance service, performance of a mitigation action with respect to the particular wireless client, when the particular wireless client is determined to be an outlier. 
 
     
     
       2. The method as in  claim 1 , wherein the mitigation action comprises blacklisting the particular wireless client from onboarding to the wireless network via the one or more access points of the wireless network. 
     
     
       3. The method as in  claim 2 , further comprising:
 blacklisting the particular wireless client for a period of time that is based on any prior blacklisting of the particular wireless client. 
 
     
     
       4. The method as in  claim 2 , further comprising:
 causing a media access control (MAC) address associated with the particular wireless client to be sent to the one or more access points via a blacklist request. 
 
     
     
       5. The method as in  claim 1 , wherein forming the behavioral profile of the particular wireless client comprises:
 determining a number of days the particular wireless client was seen by the wireless network; 
 determining a number of access points of the wireless network to which the particular wireless client attempted to connect; and 
 determining a connection failure rate for the particular wireless client. 
 
     
     
       6. The method as in  claim 1 , wherein forming the behavioral profile of the particular wireless client comprises:
 calculating a contiguous failure ratio for the particular wireless client as a ratio of days on which the particular wireless client successfully connected to the wireless network at least once to days the particular wireless client was seen by the wireless network. 
 
     
     
       7. The method as in  claim 6 , wherein using machine learning to determine whether the particular wireless client is an outlier comprises:
 classifying the particular wireless client as an outlier based in part on a determination that the contiguous failure ratio for the particular wireless client indicates that the connection failures of the particular wireless client are intermittent. 
 
     
     
       8. The method as in  claim 1 , wherein using machine learning to determine whether the particular wireless client is an outlier comprises:
 classifying the particular wireless client as an outlier based in part on a connection failure rate in the behavioral profile of the particular wireless client with respect a particular access point of the wireless network being statistically different from an overall connection failure rate for the particular access point by a threshold amount. 
 
     
     
       9. The method as in  claim 1 , wherein using machine learning to determine whether the particular wireless client is an outlier comprises:
 classifying the particular wireless client as an outlier based in part on a determination that the connection failures of the particular wireless client are associated with the particular wireless client attempting to access the wireless network using a secret key and not through web based authentication. 
 
     
     
       10. The method as in  claim 1 , wherein using machine learning to determine whether the particular wireless client is an outlier comprises:
 classifying the particular wireless client as an outlier based in part on a determination that the particular wireless client connected to a plurality of access points in the wireless network and did not favor a particular one of the plurality of access points by a threshold amount. 
 
     
     
       11. An apparatus, comprising:
 one or more network interfaces to communicate with a wireless network; 
 a processor coupled to the network interfaces and configured to execute one or more processes; and 
 a memory configured to store a process executable by the processor, the process when executed configured to:
 receive data regarding connection failures of a plurality of wireless clients configured to connect to the wireless network via one or more access points of the wireless network; 
 form a behavioral profile for each of the wireless clients based on the received data regarding the connection failures of the wireless clients; 
 use machine learning to determine whether the behavioral profile of a particular wireless client of the wireless clients is an outlier in relation to the behavioral profiles of other wireless clients of the wireless clients; and 
 cause performance of a mitigation action with respect to the particular wireless client, when the particular wireless client is determined to be an outlier. 
 
 
     
     
       12. The apparatus as in  claim 11 , wherein the mitigation action comprises blacklisting the particular wireless client from onboarding to the wireless network via the one or more access points of the wireless network. 
     
     
       13. The apparatus as in  claim 12 , wherein the process when executed is further configured to:
 blacklist the particular wireless client for a period of time that is based on any prior blacklisting of the particular wireless client; and 
 cause a media access control (MAC) address associated with the wireless client to be sent to the one or more access points via a blacklist request. 
 
     
     
       14. The apparatus as in  claim 11 , wherein the apparatus forms the behavioral profile of the particular wireless client by:
 determining a number of days the particular wireless client was seen by the wireless network; 
 determining a number of access points of the wireless network to which the particular wireless client attempted to connect; and 
 determining a connection failure rate for the particular wireless client. 
 
     
     
       15. The apparatus as in  claim 11 , wherein forming the behavioral profile of the particular wireless client comprises:
 calculating a contiguous failure ratio for the particular wireless client as a ratio of days on which the particular wireless client successfully connected to the wireless network at least once to days the particular wireless client was seen by the wireless network. 
 
     
     
       16. The apparatus as in  claim 15 , wherein the apparatus uses machine learning to determine whether the particular wireless client is an outlier by:
 classifying the particular wireless client as an outlier based in part on a determination that the contiguous failure ratio for the particular wireless client indicates that the connection failures of the particular wireless client are intermittent. 
 
     
     
       17. The apparatus as in  claim 11 , wherein the apparatus uses machine learning to determine whether the particular wireless client is an outlier by:
 classifying the particular wireless client as an outlier based in part on a connection failure rate in the behavioral profile of the particular wireless client with respect a particular access point of the wireless network being statistically different from an overall connection failure rate for the particular access point by a threshold amount. 
 
     
     
       18. The apparatus as in  claim 11 , wherein the apparatus uses machine learning to determine whether the particular wireless client is an outlier by:
 classifying the particular wireless client as an outlier based in part on a determination that the connection failures of the particular wireless client are associated with the particular wireless client attempting to access the wireless network using a secret key and not through web based authentication. 
 
     
     
       19. The apparatus as in  claim 15 , wherein the apparatus uses machine learning to determine whether the particular wireless client is an outlier by:
 classifying the particular wireless client as an outlier based in part on a determination that the particular wireless client connected to a plurality of access points in the wireless network and did not favor a particular one of the plurality of access points by a threshold amount. 
 
     
     
       20. A tangible, non-transitory, computer-readable medium storing program instructions that cause a network assurance service that monitors a wireless network to execute a process comprising:
 receiving, at a network assurance service that monitors a wireless network, data regarding connection failures of a plurality of wireless clients configured to connect to the wireless network via one or more access points of the wireless network; 
 forming, by the network assurance service, a behavioral profile for each of the wireless clients based on the received data regarding the connection failures of the wireless clients; 
 using, by the network assurance service, machine learning to determine whether the behavioral profile of a particular wireless client of the wireless clients is an outlier in relation to the behavioral profiles of other wireless clients of the wireless clients; and 
 causing, by the network assurance service, performance of a mitigation action with respect to the particular wireless client, when the particular wireless client is determined to be an outlier.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.